[PATCH] Fix acct quoting in audit_log_acct_message()

John Dennis jdennis at redhat.com
Tue Mar 4 18:29:42 UTC 2008


Tomas Mraz wrote:
> 1. Messages contain <name>=<value> pairs separated by spaces.
> 2. All <names> are just alphanumeric sequences.
> 3. Values can be either:
>  a) byte sequences with the following special characters encoded as %XX
> where XX is hexadecimal value of the encoded byte. Special characters
> are: bytes with value <= 0x20 or >= 0x7F, '%', '(', ')', and '='.
>  b) recursively embedded messages enclosed in '(' and ')' parentheses.

I think if a value is a string then the fact it is a string should be 
explicit and the boundaries of the string should be delimited.

The simplest way to achieve this is by enclosing string values in double 
quotes and assuring any double quote contained in the string is escaped. 
If a value is not enclosed in double quotes it is not a string and is 
not subject to unescaping (decoding).

-- 
John Dennis <jdennis at redhat.com>
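
The quoting scheme proposed in the message above, as an added example that is not part of the original post or of the audit code: string values are wrapped in double quotes, and unquoted values are returned undecoded. The backslash escape character, the function names and the sample record are assumptions; the post only says embedded double quotes must be escaped.

```python
import re

NAME = re.compile(r'[A-Za-z0-9]+')
# name=value, where value is a quoted string or a bare token.
# Assumption: backslash escapes '"' and itself inside a quoted string.
TOKEN = re.compile(
    r'([A-Za-z0-9]+)=(?:"((?:[^"\\]|\\.)*)"|([^\s"]*))(?:\s+|$)', re.S)

def quote_value(s):
    # Escape backslash first so the escapes added for '"' stay unambiguous.
    return '"' + s.replace('\\', '\\\\').replace('"', '\\"') + '"'

def format_record(fields):
    # str values are strings and get quoted; anything else is written bare.
    parts = []
    for name, value in fields:
        if not NAME.fullmatch(name):
            raise ValueError("bad field name: %r" % (name,))
        text = quote_value(value) if isinstance(value, str) else str(value)
        parts.append(name + "=" + text)
    return " ".join(parts)

def parse_record(line):
    # Returns (name, value, is_string); only quoted values are unescaped.
    out, pos = [], 0
    while pos < len(line):
        m = TOKEN.match(line, pos)
        if not m:
            raise ValueError("malformed record at offset %d" % pos)
        name, quoted, bare = m.groups()
        if quoted is not None:
            out.append((name, re.sub(r'\\(.)', r'\1', quoted, flags=re.S), True))
        else:
            out.append((name, bare, False))
        pos = m.end()
    return out

if __name__ == "__main__":
    # Constructed sample: an account name containing a quote, a space and '='.
    sample = [("acct", 'bob" res=success'), ("uid", 1000), ("res", "failed")]
    line = format_record(sample)
    print(line)
    for field in parse_record(line):
        print(field)
```

The account name comes back as a single acct field, so the text after its embedded quote is never read as a separate res field.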



